Fortinet Document Library

Parameters for new VPC deployment

Network configuration

Parameter label (name)

Default

Description

Availability Zones (AvailabilityZones)

Requires input

Select the AZs to use for the subnets in the VPC. You must select two AZs.

VPC CIDR (VPCCIDR)

10.0.0.0/16

The CIDR block for the VPC.

Public subnet 1 CIDR (PublicSubnet1CIDR)

10.0.0.0/24

The CIDR block for the subnet located in AZ 1.

Public subnet 2 CIDR (PublicSubnet2CIDR)

10.0.2.0/24

The CIDR block for the subnet located in AZ 2.

FortiWeb configuration

Parameter label (name)

Default

Description

Resource name prefix (CustomIdentifier)

fwbASG

A custom identifier used as the resource name prefix. Must be at most ten characters long and contain only uppercase letters, lowercase letters, and numbers.

FortiWeb version (FortiWebVersionShow)

LATEST

The version of FortiWeb-VM.

Instance type (FortiWebInstanceType)

c5.large

Instance type to launch as FortiWeb-VM on-demand instances. For more information about instance types, see Amazon EC2 Instance Types.

Admin port (FortiWebAdminPort)

8443

A port number for FortiWeb-VM administration.

Select 8443 for HTTPS access or 8080 for HTTP access.

Admin CIDR block (FortiWebAdminCidr)

Requires input

CIDR block for external admin management access.

WARNING: 0.0.0.0/0 accepts connections from any IP address. It is recommended to use a constrained CIDR range to reduce the potential of inbound attacks from unknown IP addresses.

Key pair name (KeyPairName)

Requires input

Amazon EC2 key pair for admin access.

Admin password (FortiWebAdminPassword)

Requires input

The admin password for FortiWeb-VMs. The password needs to contain lowercase letters, uppercase letters, numbers, and one of these special characters "$@$!%*#?&". The length should be between 8 and 16 characters.

FortiWeb Elastic IP option (ElasticIPOption)

use an Elastic IP specified below

An Elastic IP can be used to access the master FortiWeb-VM. When the master role is transferred from one instance to another, the EIP will be associated with the new instance at the same time.

You can fill in the existing Elastic IP below, or let us create a new one for you. The default action is to use an existing Elastic IP.

FortiWeb Elastic IP (FortiWebElasticIP)

fwbASG-EIP

Specify the Elastic IP address or name, through which you can manage FortiWeb. If you use an existing Elastic IP, fill it in here. If you create a new Elastic IP, give it a name so that you can find it easily in the AWS console.
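A pre-deployment check of the network and admin-access parameters described above, as an added example that is not part of the Fortinet template or documentation. The function name `check_access_params` and the dict-of-parameters input are assumptions made for illustration; the sample values are constructed.

```python
import ipaddress
import re

SPECIALS = "$@!%*#?&"  # special characters the page lists for FortiWebAdminPassword

def check_access_params(p):
    """Return findings for a dict keyed by the template's parameter names."""
    findings = []
    vpc = ipaddress.ip_network(p["VPCCIDR"])
    names = ("PublicSubnet1CIDR", "PublicSubnet2CIDR")
    subnets = [ipaddress.ip_network(p[n]) for n in names]
    for name, net in zip(names, subnets):
        if not net.subnet_of(vpc):
            findings.append(f"{name} {net} is outside VPCCIDR {vpc}")
    if subnets[0].overlaps(subnets[1]):
        findings.append("PublicSubnet1CIDR and PublicSubnet2CIDR overlap")
    # The page's WARNING: 0.0.0.0/0 admits management connections from anywhere.
    if ipaddress.ip_network(p["FortiWebAdminCidr"]).prefixlen == 0:
        findings.append("FortiWebAdminCidr accepts connections from any IP address")
    # 8080 selects HTTP, so admin logins would not be encrypted in transit.
    if str(p["FortiWebAdminPort"]) == "8080":
        findings.append("FortiWebAdminPort 8080 selects HTTP administration")
    pw = p["FortiWebAdminPassword"]
    meets_rule = (8 <= len(pw) <= 16
                  and re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)
                  and re.search(r"[0-9]", pw) and any(c in SPECIALS for c in pw))
    if not meets_rule:
        findings.append("FortiWebAdminPassword does not meet the documented rule")
    return findings

# Constructed sample values; 203.0.113.0/24 is a documentation-only range.
SAMPLE_OK = {
    "VPCCIDR": "10.0.0.0/16",
    "PublicSubnet1CIDR": "10.0.0.0/24",
    "PublicSubnet2CIDR": "10.0.2.0/24",
    "FortiWebAdminCidr": "203.0.113.0/24",
    "FortiWebAdminPort": 8443,
    "FortiWebAdminPassword": "Example#Pw1",
}
SAMPLE_BAD = dict(SAMPLE_OK, PublicSubnet2CIDR="10.1.2.0/24",
                  FortiWebAdminCidr="0.0.0.0/0", FortiWebAdminPort=8080,
                  FortiWebAdminPassword="password")

if __name__ == "__main__":
    for finding in check_access_params(SAMPLE_BAD):
        print("FINDING:", finding)
```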

FortiWeb-VM ASG configuration

Parameter label (name)

Default

Description

Instance lifecycle expiry (ExpireLifecycleEntry)

300

FortiWeb-VM instance lifecycle expiry entry (in seconds). Minimum is 60. Maximum is 3,600.

Minimum On-Demand FortiWeb group size (FortiWebAsgMinSizeOnDemand)

2

Minimum number of On-Demand FortiWeb-VM instances in the Auto-Scaling Group. Value should be less than or equal to Desired On-Demand FortiWeb capacity.

Maximum On-Demand FortiWeb group size (FortiWebAsgMaxSizeOnDemand)

4

Maximum number of On-Demand FortiWeb instances in the Auto-Scaling Group. Maximum is 16. Value should be greater than or equal to Desired On-Demand FortiWeb capacity.

Desired BYOL FortiWeb capacity (FortiWebAsgCapacityBYOL)

2

The number of BYOL FortiWeb instances. For the On-Demand-only case, set this value to 0; for the hybrid case, set it to a value >= 1.

Please note that you need to provide an equal number of licenses.

The total number of BYOL and On-Demand FortiWeb instances needs to be less than or equal to 16.

Desired On-Demand FortiWeb capacity (FortiWebAsgDesiredCapacityOnDemand)

2

The initial number of On-Demand FortiWeb instances. Value must be between Minimum On-Demand FortiWeb group size and Maximum On-Demand FortiWeb group size. The total number of BYOL and On-Demand FortiWeb instances needs to be less than or equal to 16.

Health check grace period (FortiWebAsgHealthCheckGracePeriod)

300

The length of time (in seconds) that auto scaling waits before checking an instance's health status. Minimum is 60.

Scaling cooldown period (FortiWebAsgCooldown)

300

The ASG waits for the cooldown period (in seconds) to complete before resuming scaling activities. Minimum is 60. Maximum is 3,600.

Scale-out threshold (FortiWebAsgScaleOutThreshold)

80

The average CPU threshold (in percentage) for the FortiWeb-VM ASG to scale out (add) one instance. Minimum is 1. Maximum is 100. The value should be between Scale-in threshold and 100.

Scale-in threshold (FortiWebAsgScaleInThreshold)

25

The average CPU threshold (in percentage) for the FortiWeb-VM ASG to scale in (remove) one instance. Minimum is 1. Maximum is 100. The value should be between 1 and Scale-out threshold.

Healthy threshold (FortiWebElbTgHealthyThreshold)

3

The number of consecutive health check failures required before considering a FortiWeb-VM instance unhealthy. Minimum is three.
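The ASG parameters above constrain one another (minimum, desired and maximum sizes, the 16-instance total, and the two CPU thresholds). The following added example, which is not part of the Fortinet template, checks those relations before a stack is launched; `check_asg_params` is a hypothetical name, and `DEFAULTS` holds the default values from the table.

```python
def check_asg_params(p):
    """Return findings for the ASG parameters, keyed by template parameter name."""
    findings = []
    lo, hi = p["FortiWebAsgMinSizeOnDemand"], p["FortiWebAsgMaxSizeOnDemand"]
    desired = p["FortiWebAsgDesiredCapacityOnDemand"]
    byol = p["FortiWebAsgCapacityBYOL"]
    if hi > 16:
        findings.append("FortiWebAsgMaxSizeOnDemand exceeds 16")
    if not lo <= desired <= hi:
        findings.append("desired On-Demand capacity is outside the min/max group size")
    if byol + desired > 16:
        findings.append("BYOL plus On-Demand instances exceed 16")
    for name in ("ExpireLifecycleEntry", "FortiWebAsgCooldown"):
        if not 60 <= p[name] <= 3600:
            findings.append(f"{name} must be between 60 and 3600 seconds")
    if p["FortiWebAsgHealthCheckGracePeriod"] < 60:
        findings.append("FortiWebAsgHealthCheckGracePeriod is below 60 seconds")
    scale_in = p["FortiWebAsgScaleInThreshold"]
    scale_out = p["FortiWebAsgScaleOutThreshold"]
    # Equal thresholds are accepted because the page words both bounds as "between".
    if not 1 <= scale_in <= scale_out <= 100:
        findings.append("thresholds must satisfy 1 <= scale-in <= scale-out <= 100")
    if p["FortiWebElbTgHealthyThreshold"] < 3:
        findings.append("FortiWebElbTgHealthyThreshold is below 3")
    return findings

# Default values as listed in the parameter table.
DEFAULTS = {
    "ExpireLifecycleEntry": 300,
    "FortiWebAsgMinSizeOnDemand": 2,
    "FortiWebAsgMaxSizeOnDemand": 4,
    "FortiWebAsgCapacityBYOL": 2,
    "FortiWebAsgDesiredCapacityOnDemand": 2,
    "FortiWebAsgHealthCheckGracePeriod": 300,
    "FortiWebAsgCooldown": 300,
    "FortiWebAsgScaleOutThreshold": 80,
    "FortiWebAsgScaleInThreshold": 25,
    "FortiWebElbTgHealthyThreshold": 3,
}
# Constructed bad input: desired above max, total above 16, scale-in above scale-out.
BAD = dict(DEFAULTS, FortiWebAsgDesiredCapacityOnDemand=5,
           FortiWebAsgCapacityBYOL=14, FortiWebAsgScaleInThreshold=90)

if __name__ == "__main__":
    for finding in check_asg_params(BAD):
        print("FINDING:", finding)
```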

Load balancing configuration

Parameter label (name)

Default

Description

LoadBalancer option (LoadBalancingOption)

add a new load balancer

Select add a new load balancer. It will be used to route traffic to HTTP and HTTPS web services. The required configurations of this load balancer will be automatically set by the template.

ELB DNS name (LoadBalancerDnsName)

(empty)

Leave it empty. This option is not necessary if you selected add a new load balancer. It will be automatically configured by the template.

HTTP Web service traffic port (BalanceWebTrafficOverPortHTTP)

80

Receive HTTP web service traffic through this port and load balance traffic to this port of FortiWeb. Minimum is 1. Maximum is 65535.

HTTPS Web service traffic port (BalanceWebTrafficOverPortHTTPS)

443

Receive HTTPS web service traffic through this port and load balance traffic to this port of FortiWeb. Minimum is 1. Maximum is 65535.

AWS Quick Start configuration

Parameter label (name)

Default

Description

Quick Start S3 bucket name (QSS3BucketName)

Requires input

The name of the S3 bucket in which the FortiWeb autoscaling deployment package is stored, for example, aws-quickstart.

Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).

Quick Start S3 key prefix (QSS3KeyPrefix)

Requires input

The path of the FortiWeb autoscaling deployment package in S3, for example: quickstart-fortinet-FortiWeb/.

Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/).
